Infected USB Keys Mailed to American Businesses
A USB key is a useful tool for transferring information to and from computers. As such, if someone—especially an official government body—sends you a USB key, you’ll naturally want to plug it into your computer to see what’s inside. Don’t.
The FBI is warning businesses subscribed to its security alerts of a new USB key scam. Bad actors are mailing American organizations infected USB keys that purport to be from the US Department of Health and Human Services.
These fake USB keys supposedly contain COVID-19 guidelines; instead, the keys contain malware, which begins downloading once an unsuspecting user plugs the key into their computer. The key tricks the computer into thinking it is a keyboard, installs the malware, and initiates a ransomware attack.
This type of attack isn’t new; infected USB keys have been used for years as a subtle, passive way to gain access to hardware through the user themselves. The best defense against this type of activity is to never plug a strange USB key into your devices.
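A defender-side check for the keyboard impersonation described above, as an added example that is not part of the original article: it scans Linux kernel log text for USB devices that bind a keyboard interface and reports any whose vendor:product ID is not on an approved list. The log lines are constructed samples in the kernel's usual format, and the IDs, device names and allowlist are made-up assumptions.

```python
import re

# Constructed sample of Linux kernel log lines; all IDs and names are made up.
SAMPLE_LOG = """\
[  101.000001] usb 1-1: New USB device found, idVendor=1111, idProduct=0001, bcdDevice= 1.00
[  101.010000] hid-generic 0003:1111:0001.0001: input,hidraw0: USB HID v1.11 Keyboard [Office Keyboard] on usb-0000:00:14.0-1/input0
[  950.000001] usb 1-3: New USB device found, idVendor=2222, idProduct=0002, bcdDevice= 1.00
[  950.020000] hid-generic 0003:2222:0002.0002: input,hidraw1: USB HID v1.11 Keyboard [Flash Disk] on usb-0000:00:14.0-3/input0
[ 1200.000001] usb 1-4: New USB device found, idVendor=3333, idProduct=0003, bcdDevice= 1.00
[ 1200.000050] usb-storage 1-4:1.0: USB Mass Storage device detected
"""

# Hypothetical allowlist: (vendor, product) IDs of keyboards the organisation issues.
APPROVED_KEYBOARDS = {("1111", "0001")}

# Line logged when a HID driver binds a keyboard interface:
# "<driver> BUS:VID:PID.N: input,hidrawN: USB HID vX.Y Keyboard [Name] on <port>"
HID_KEYBOARD = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+\S+\s+"
    r"[0-9A-Fa-f]{4}:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.[0-9A-Fa-f]{4}:"
    r".*?USB HID v[\d.]+ Keyboard \[(?P<name>.*?)\] on (?P<port>\S+)"
)


def find_unapproved_keyboards(log_text, approved=APPROVED_KEYBOARDS):
    """Return one record per keyboard interface whose vendor:product is not approved."""
    findings = []
    for line in log_text.splitlines():
        m = HID_KEYBOARD.match(line)
        if not m:
            continue  # not a keyboard bind event (storage, hubs, other messages)
        ident = (m["vid"].lower(), m["pid"].lower())  # kernel prints these in upper case
        if ident in approved:
            continue
        findings.append({
            "time": float(m["ts"]),
            "vid": ident[0],
            "pid": ident[1],
            "name": m["name"],
            "port": m["port"],
        })
    return findings


if __name__ == "__main__":
    for f in find_unapproved_keyboards(SAMPLE_LOG):
        print(f"unapproved keyboard {f['vid']}:{f['pid']} '{f['name']}' on {f['port']} at {f['time']}s")
```

In the sample, the device that names itself "Flash Disk" yet registers as a keyboard is the one reported; the approved keyboard and the plain mass-storage device are not.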